I got hacked mid-air while writing an Apple-FBI story

Steven Petrow, the journalist who had his computer hacked while on a flight, recounts his experience and what he learned.
Video by Ryan Connelly Holmes for USA TODAY

Protesters opposed to the FBI's demand that Apple aid it in unlocking a phone used by San Bernardino shooter Syed Rizwan Farook stand outside the Apple store in downtown San Francisco on Feb. 23, 2016.(Photo: Elizabeth Weise)

“I don’t really need to worry about online privacy,” I used to think. “I’ve got nothing to hide. And who would want to know what I’m up to, anyway?”

Sure, I’m a journalist, but I’m not an investigative reporter, not a political radical, not of much interest to anyone, really.

That was last week, when the standoff between the FBI and Apple seemed much more about principle than practice to me. That’s when I thought I’d write a column on whether this legal fight matters to regular folk — people like my mother, a retired social worker; my best friend, who works in retail; or even my 20-year-old niece in college. That was before I found out — in a chillingly personal way — just why it does matter. To all of us.

Just before midnight last Friday, my plane touched down in Raleigh after a three-hour flight from Dallas. As usual, I’d spent much of the flight working, using American Airlines Gogo in-flight Internet connection to send and answer emails. As I was putting on my jacket, a fellow in the row behind me, someone I hadn’t even noticed before, said: “I need to talk to you.” A bit taken aback, I replied, “It’s late … need to get home.”

“You’re a reporter, right?”

“Um, yes.”

“Wait for me at the gate.”

[I didn’t answer, but I did wait.]

“How did you know I was a reporter?” I asked while we started walking.

“Are you interested in the Apple/FBI story?” he responded, ignoring my question.

“Kind of. Why are you asking me that?” I thought he was some kind of creepy mind reader.

Then he dropped the bombshell.

“I hacked your email on the plane and read everything you sent and received. I did it to most people on the flight.” He had verbatim detail of a long email that he repeated back to me essentially word for word.

In fact, as Steve Nolan, Gogo’s vice president of communications, told me, the service is “public” and “operates in the same ways as most open Wi-Fi hotspots on the ground.” He cautioned against “accessing sensitive materials while in flight.”

The danger is that the court’s demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else that will soon be computerized. The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all."

That’s what my privacy-busting stranger had read. Back to my conversation:

“That’s how I know you’re interested in the Apple story,” he continued. “Imagine if you had been doing a financial transaction. What if you were making a date to see a whore?” My mind raced: What about my health records? My legal documents? My Facebook messages?

And then the kicker:

“That’s why this story is so important to everyone,” he told me. “It’s about everyone’s privacy.”

Then he headed down the escalator and I headed out the front door. I may have been wearing my jacket, but I felt as exposed as if I’d been stark naked.

With a newfound personal interest in the topic, the following day I called Alex Abdo, an attorney in the ACLU's Speech, Privacy and Technology Project, to talk about why ordinary Americans should care about the Apple case. At first he told me some of what I knew. If the government wins it would set a “dangerous legal precedent … that would force companies to build back doors into their products. It will be used hundreds and hundreds of times if it becomes lawful.”

Abdo made it clear why this matters to ordinary consumers like me — to all of us. “The risk is that it makes it more likely that individuals’ devices with no connection to any investigation will become less secure because companies will have established back doors …. that will fall into the wrong hands.” For emphasis, he added: “No back door is secure.”

But really, I pushed him, who is in actual danger here? The answer, apparently, is pretty much all of us. “Anyone who relies on the security of their devices,” he told me.

It should be up to each of us to decide what to make public, and what to keep private, he continued. For me, I felt as though the stranger on the plane had robbed me of my privacy—as was explicitly his intent. He took the decision of what to share out of my hands. He went in through the back door of the Gogo connection.

Posted!

A link has been posted to your Facebook feed.

Protesters at the Apple Store on 5th Ave. in New York demonstrate in support of the company's privacy policy. Demonstrators are expected to gather in a number of cities to protest the FBI obtaining a court order that requires Apple to make it easier to unlock an encrypted iPhone used by a gunman in December's mass murders in San Bernardino, Calif. Robert Deutsch, USA TODAY

Interested in this topic? You may also want to view these photo galleries:

I asked Abdo what we could to do protect our privacy. This is what he told me:

Call your representatives in Congress and on a statewide level and express your support for Apple in this case. Here’s a list of all U.S. members of the House and Senate. https://www.congress.gov/members

Make sure your devices are using their built-in encryption features. That’s FileVault for Apple devices and BitLocker on Windows products.

Use a password manager to help you create and store different — and strong — passwords for all your accounts. Don’t use the same password repeatedly, and don’t ever use passwords like “password” or “123456.” Some popular ones include DashLane, LastPass, and Sticky Password.

Download WhatsApp, Telegram, or Signal, messaging apps that go great distances in encrypting voice and electronic messages. Keep in mind that even they are not 100% secure.